
Hacker Attack on Windows NT E-Banking and E-Commerce


socalgal
03-08-2001, 09:03 PM
From the SANS Institute Newsletter:

Large Criminal Hacker Attack on Windows NT E-Banking and E-Commerce
Sites

3:00 PM EST, Thursday, March 8, 2001

In the largest criminal Internet attack to date, a group of Eastern
European hackers has spent a year systematically exploiting known
Windows NT vulnerabilities to steal customer data. More than a million
credit cards have been taken and more than 40 sites have been
victimized.

The FBI and Secret Service are taking the unprecedented step of
releasing detailed forensic information from ongoing investigations
because of the importance of the attacks.

The information was released to the SANS community a short time before
it was made available to the general public so that you can be sure your
systems are safe.

Within a day or two, the Center for Internet Security will release a
small tool that you can use to check your systems for the
vulnerabilities and also to look for files the FBI has found present on
many compromised systems - indicating your system may have already been
compromised by the attacker group.

The Center's tools are normally available only to members, but because
of the importance of this problem, the Center agreed to make the new
tool (built for the Center by Steve Gibson of Gibson Research) available
to all who need it. Center members have already received an invitation
to the conference call this afternoon to get more data on the attack.

If your organization is not a member, we encourage you to join in this
important initiative to fight back against computer crime. See
http://www.cisecurity.org for a list of members and how to join.

Read more here: http://www.nipc.gov/warnings/advisories/2001/01-003.htm

neo_otyugh
03-08-2001, 09:42 PM
sounds like a strong argument for a well built unix/linux box...interesting reading though

CMonster
03-09-2001, 01:49 AM
That would explain the $7 charge on my card...


Hey I'm serious, if you stole millions of cards you could just siphon off a few dollars at a time and you might be able to do it for years!

MiKe85
03-09-2001, 05:45 PM
Largest criminal Internet attack to date? WOW...
Million credit cards...OUCH


Mike

CMonster
03-09-2001, 05:57 PM
-and this is the software MS would have everyone migrate their servers to?

rtyp3
03-09-2001, 10:08 PM
Yes this problem shouldn't be there in the first place, but these companies really need to get with the program. This bug has been around for a while now and they should keep patching/updating their systems. They should have been patched by now. Especially if they hold important information such as this.

-Microsoft has had a patch available to fix this problem for a while now.

[This message has been edited by rtyp3 (edited 03-09-2001).]

socalgal
03-14-2001, 09:16 PM
From Steve Gibson's mailbox; the Patch.

As you may recall, the last eMail from me was the early December
announcement of the new "LeakTest" personal firewall leakage
tester. Thanks to your support, 775,778 copies have been
downloaded ... and all major firewall vendors have updated their
products to plug their leaks. In the future, a next generation
of LeakTest will highlight additional problem areas in personal
computing firewalls.

So what is PATCHWORK ??

Last Thursday (March 8th) the United States Federal Bureau of
Investigation -- the FBI -- announced that the Windows NT and
Windows 2000 Internet web servers belonging to at least 40
prominent eCommerce companies have been systematically broken
into by Eastern European hackers. After having their private
customer credit card data stolen, the companies were financially
extorted under the threat of public disclosure of their customers'
data. More than one million credit card purchasing records have
been stolen. You can read the full FBI press release here:

<http://grc.com/pw/FBIannouncement.htm>

Shortly before the FBI's public announcement, I was contacted by
people in Washington and asked if I could produce a utility to
instantly determine whether a Windows NT or 2000 Internet server
was vulnerable to these attacks, and to search the server for any
evidence of previous penetration. The FBI provided all of the
specific details required, so I quickly created my latest
freeware: "PatchWork" (just 30k bytes).

PatchWork is ONLY useful for users running Windows NT or 2000
-- so I know that it will not be of interest to everyone -- but I
wanted you to know that it exists. If you, or anyone you know,
ARE using any version of Windows NT or 2000, you really should
check out PatchWork! It is opening MANY people's eyes ...

http://grc.com/pw/patchwork.htm


The scope of this is incredible!

From SANS:

--8 & 9 March 2001 FBI Warns of Enormous Credit Card Theft

The FBI says groups in Russia and the Ukraine have stolen more than one
million credit card numbers from vulnerable websites. The agency's
National Infrastructure Protection Center (NIPC) advises Internet
businesses to be vigilant about data protection and to patch known
security holes. Some of the crackers attempted to extort payments from
the Internet companies, and when their demands weren't met, they
published the card information on-line.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58414,00.html
http://www.usatoday.com/life/cyber/tech/2001-03-08-fbi-hackers.htm
http://www.washingtonpost.com/wp-dyn/articles/A43993-2001Mar8.html
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/03/09/MN225220.DTL


--9 March 2001 Early Warning Helped

The FBI's warning about website intrusions by organized rings of Eastern
European crackers may have thwarted a number of attacks. Security
experts lauded the FBI for releasing forensics information that helped
defenders, even though the information comes from ongoing
investigations.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58475,00.html


--9 March 2001 Industry/Government Consortium Releases Free Tool To
Block Russian Attacks

The Center for Internet Security published PatchWorks, a free tool that
tests Windows NT systems to determine whether the FBI's list of
necessary patches are in place, points directly to the patches on
Microsoft's site if they are not, and retests to be certain they were
installed correctly. It also attempts to determine whether systems have
been compromised by checking for telltale files. The Center is a not-
for-profit consortium of 150 user organizations from 14 countries that
jointly develop consensus on the priority of cyber threats and work
together to forge tools to counter those threats.
http://www.cisecurity.org/patchwork.html

[Editor's (Paller) Note: Three security questions are often asked by
savvy senior managers: "What are the most important threats? How do we
counter them? And are we doing as much as our competitors to improve
security?" Those are the questions the Center helps answer. If your
organization has any customer information stored on computers accessible
from the Internet, you owe it to your customers to become active in the
Center's work and to gain from the unique knowledge that comes from
consolidating the experiences of more than a hundred government and
commercial organizations. http://www.cusecurity.org]

--9 March 2001 Thieves Steal Personal Info via Internet

Microsoft co-founder Paul Allen and Metromedia International Group
Chairman John Kluge are among executives who allegedly had their
identities stolen and bank accounts looted by two Internet thieves,
according to a report.
http://news.cnet.com/news/0-1007-200-5078246.html?tag=prntfr


[This message has been edited by socalgal (edited 03-14-2001).]